Sun Java System Access Manager 7.1 Postinstallation Guide

Configuring Access Manager 7.1 Using the Configurator

Access Manager 7.1 includes the Configurator (configurator.jsp) to configure Access Manager after you deploy a WAR file.


Caution –

Before you run the Configurator, make sure that the code set in the LANG environment variable is set to ISO8859-1. For example, to set the code set for U.S. English if you are using the sh or ksh shell:

# LANG=en_US.ISO8859-1; export LANG

To launch Access Manager 7.1, specify the following URL in your browser:

http://host.domain:port/amserver

When you launch Access Manager 7.1, if you have not already configured the Access Manager instance, you will be directed to the Configurator page. If the Access Manager 7.1 instance is already configured successfully, you will be directed to the Access Manager Console login page.

Procedure: To Configure Access Manager 7.1 Using the Configurator

  1. Enter the following values for the Access Manager Settings (or accept the default values).

    The Server Settings are independent of the datastore that you select (File System or Directory Server) to store the Access Manager configuration data.

    Server Settings

    Server URL 

    Host server where you plan to deploy Access Manager. Can be one of the following: 

    • Host name. For example: amhost1

    • Fully qualified domain name (FQDN). For example: http://amhost1.example.com

      If you plan to use the Access Manager client SDK or a policy agent, you must specify the FQDN.

    • localhost

    Default: Host where you are deploying Access Manager. 

    Cookie Domain 

    Name of the trusted DNS domain that Access Manager returns to a browser when it grants an SSO token to a user. Specify a value only if the FQDN is used as the Server URL. For example, if the FQDN for Server URL is http://amhost1.example.com, the default value is .example.com.

    If you selected only the host name or localhost for the Server URL, Cookie Domain is set to blank, and any value you enter is ignored.

    Administrator

    Name 

    amAdmin (read-only)

    Password 

    Access Manager administrator (amAdmin) password. Enter and then retype to confirm the password. The password must be at least 8 characters long.

    General Settings

    Configuration Directory 

    Base directory where the Access Manager configuration data is stored. The base directory applies to either File System or Directory Server, which you select under Configuration Store Settings.

    For example: /am_configuration_data

    Access Manager creates the following files and directories under the Configuration Directory: 

    • AMConfig.properties file

    • serverconfig.xml file

    • LDIF files (if you select Directory Server to store the service configuration data)

    • deploy-uri directory

    • deploy-uri/log directory

    • deploy-uri/stats directory

    • deploy-uri/debug directory

    • deploy-uri/idRepo directory: All users are created under this directory, even if you select Directory Server to store the service configuration data, since it is the default data store.

    • deploy-uri/sms directory: Directories for the service configuration schema XML files

    deploy-uri is the Access Manager server deployment URI. The default is /amserver.

    The Access Manager instance determines the location of the Configuration Directory using the Access Manager 7.1 Single WAR Bootstrap File.

    Platform Locale 

    Default language subtype for Access Manager. Default: en_US (US English)

    Encryption Key 

    Random number that is used to encrypt passwords. Either accept the default encryption key value or specify a new value. The encryption key should be at least 12 characters long. 

    Multiple server deployment: If you are using the same WAR file to deploy multiple Access Manager instances in a multiple server deployment, you must use the same password encryption key value for each instance.

    See Requirements for an Access Manager Single WAR File Deployment.

  2. Select either of the following options to store the Access Manager configuration data:

    Configuration Store Settings

    File System 

    Access Manager stores the service configuration data in directories under the ConfigurationDirectory/amserver/sms directory.

    For example: /am_configuration_data/amserver/sms

    Default is File System. 

    Note: If you use an Access Manager server deployment URI other than amserver, that value is used instead of amserver for the directory name.

    Directory Server 

    Access Manager stores the service configuration data in Sun Java System Directory Server 6. 

    Directory Server 6 must be installed and running before you deploy the Access Manager 7.1 WAR file. 

    Note: All users are created under the /idRepo directory, even if you select Directory Server 6 to store the service configuration data.

  3. If you selected Directory Server in Step 2, provide values for the following settings:

    Server Settings

    Name 

    Fully qualified host name of Directory Server. For example: ds.example.com

    Port 

    Port at which Directory Server is running. Default: 389

    Suffix to store configuration data 

    Initial or root suffix in the directory where Access Manager configuration data will be stored. This value must exist in the Directory Server you are using. For example: dc=ds,dc=example,dc=com

    Directory Server Administrator

    Directory Administrator DN 

    Distinguished Name (DN) of the Directory Server Administrator. Default: cn=Directory Manager

    Password 

    Directory Server administrator password. Enter and then retype to confirm the password. The password must be at least eight characters long. 

    Load User Management Schema 

    Load Access Manager SDK Schema 

    If checked, the Configurator loads the Access Manager SDK schema object classes and attributes from sunone_schema2.ldif, ds_remote_schema.ldif, plugin.ldif, index.ldif and install.ldif into Directory Server.

    Otherwise, the Configurator loads only the Access Manager service management services (SMS) object classes and attributes from the am_sm_ds_schema.ldif file into Directory Server.

  4. Click Configure.

    (To reset all values, click Reset.)

Next Steps

The Configurator displays the configuration status:


Note –

If configuration was successful, you cannot reconfigure Access Manager using the Configurator. If you subsequently invoke the Configurator, Access Manager displays either the login page or the Console. If you are already logged in and have a valid session, you are redirected to the console. If you do not have a valid session, Access Manager displays the login page.


Access Manager 7.1 Single WAR Bootstrap File

An Access Manager instance deployed from a WAR file uses a bootstrap file to determine the location of its configuration data. The bootstrap file is an ASCII text file containing a single entry that specifies the location of the configuration directory for the specific Access Manager instance.

Each configured Access Manager instance on a host server has a unique bootstrap file. When you run the Configurator, a bootstrap file is created with the following name for the specific Access Manager instance:

user-home-directory/AccessManager/AMConfig_deployed-instance-server-path_deploy-uri

Where:

For example, an Access Manager instance deployed by superuser (root) with Sun Java System Web Server 7 as the web container would have the following bootstrap file:

/AccessManager/AMConfig_var_opt_SUNWwbsvr7_https-amhost.example.com_web-app_amhost.example.com_amserver

Each time the Access Manager web container is restarted, the Access Manager instance accesses the single WAR bootstrap file to determine the location of its configuration data. If the single WAR bootstrap file is deleted, Access Manager displays the Configurator page instead of the login page, which allows you to reconfigure the Access Manager instance.

The value in the bootstrap file is determined from the value you enter in the Configurator Configuration Directory field. For example:

/am_configuration_data
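The following shell script is an added example and is not part of the Access Manager documentation or product. It derives the bootstrap file name from the deployed instance's server path and deployment URI using the naming rule inferred from the example path above (each / in the server path becomes _, and the leading / of the deploy URI is dropped), reads the single entry in that file, and checks that the configuration directory it names actually holds AMConfig.properties and serverconfig.xml. The base directory is passed explicitly, so the same function covers a bootstrap file relocated with com.sun.identity.bootClassPath. The demonstration at the bottom builds its own throwaway directories; it does not touch a real instance.

```shell
#!/bin/sh
# Added example, not part of the Access Manager documentation: derive the
# expected single WAR bootstrap file name, read the configuration directory it
# points to, and confirm that the files the Configurator creates are present.
# Naming rule (inferred from the documented example path):
#   <base>/AccessManager/AMConfig_<server path, "/" -> "_">_<deploy-uri without leading "/">
# where <base> is the user's home directory unless bootClassPath relocated it.

# Print the bootstrap file path for a base directory, the deployed instance's
# server path and the deployment URI.
am_bootstrap_path() {
    bs_base=$1
    bs_server_path=$2
    bs_deploy_uri=$3
    # drop the leading "/" and turn the remaining separators into "_"
    bs_server_part=$(printf '%s' "$bs_server_path" | sed -e 's#^/##' -e 's#/#_#g')
    bs_uri_part=$(printf '%s' "$bs_deploy_uri" | sed -e 's#^/##' -e 's#/#_#g')
    printf '%s/AccessManager/AMConfig_%s_%s\n' "$bs_base" "$bs_server_part" "$bs_uri_part"
}

# Print the single entry (the configuration directory) in a bootstrap file
# with surrounding whitespace removed; fail if the file is missing or empty.
am_config_dir_from_bootstrap() {
    bs_file=$1
    [ -s "$bs_file" ] || { echo "bootstrap file missing or empty: $bs_file" >&2; return 1; }
    awk 'NF { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); print; exit }' "$bs_file"
}

# Check that the configuration directory named in a bootstrap file exists and
# holds AMConfig.properties and serverconfig.xml. Warn if the directory is
# world-readable, since it holds the instance's configuration files.
# Returns 0 only when everything required is present.
am_check_config_dir() {
    bs_file=$1
    cfg_dir=$(am_config_dir_from_bootstrap "$bs_file") || return 1
    [ -d "$cfg_dir" ] || { echo "configuration directory not found: $cfg_dir" >&2; return 1; }
    cfg_status=0
    for cfg_f in AMConfig.properties serverconfig.xml; do
        if [ ! -f "$cfg_dir/$cfg_f" ]; then
            echo "missing: $cfg_dir/$cfg_f" >&2
            cfg_status=1
        fi
    done
    if [ -n "$(find "$cfg_dir" -prune -perm -004)" ]; then
        echo "warning: $cfg_dir is world-readable" >&2
    fi
    return $cfg_status
}

# Constructed demonstration: a throwaway base directory stands in for the
# user's home directory, with a configuration directory holding the expected files.
demo_base=${TMPDIR:-/tmp}/am_bootstrap_demo.$$
mkdir -p "$demo_base/AccessManager" "$demo_base/am_configuration_data"
: > "$demo_base/am_configuration_data/AMConfig.properties"
: > "$demo_base/am_configuration_data/serverconfig.xml"
demo_bs=$(am_bootstrap_path "$demo_base" \
    /var/opt/SUNWwbsvr7/https-amhost.example.com/web-app/amhost.example.com /amserver)
printf '%s\n' "$demo_base/am_configuration_data" > "$demo_bs"
echo "bootstrap file: $demo_bs"
am_check_config_dir "$demo_bs" && echo "configuration directory OK"
rm -rf "$demo_base"
```

Run it against a real instance by calling am_bootstrap_path with the web container's instance path and your deploy URI, then am_check_config_dir on the result; a missing or empty bootstrap file is exactly the condition under which the instance will present the Configurator page again on the next restart.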

Specifying a Bootstrap File in a Different Directory

If you prefer, you can specify that the bootstrap file be created in a directory other than the user's home directory.

Procedure: To Specify a Bootstrap File in a Different Directory

  1. Create a staging area for the Access Manager WAR file (amserver.war) on the host server. For example: /amwar.

  2. Extract all files from the amserver.war file in the staging area. For example:

    # cd /amwar
    # jar -xvf zip_root/applications/jdk15/amserver.war

    Where zip_root is the directory where you unzipped the Access Manager 7.1 WAR file.

  3. Add the following entry to the WEB-INF/web.xml file:

    <context-param>
        <param-name>com.sun.identity.bootClassPath</param-name>
        <param-value>/user_defined_directory</param-value>
    </context-param>

    Where user_defined_directory is the new location of the bootstrap file.

  4. Create a new amserver.war file. For example:

    # mkdir ../newamwar
    # jar -cvf ../newamwar/amserver.war *

  5. Deploy the new Access Manager WAR file.

    In this example, if user_defined_directory is programs, the location of the bootstrap file would be:

    /programs/AccessManager/AMConfig_var_opt_SUNWwbsvr7_https-amhost.example.com_web-app_amhost.example.com_amserver
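The edit in step 3 is the one part of this procedure that is easy to get wrong by hand, so here is an added example (not from the Access Manager documentation) that performs it on an extracted WEB-INF/web.xml. The function inserts the context-param block immediately before the closing web-app tag and refuses to add a second copy if the parameter is already present, so re-running the script on a staging area that was already edited does not produce a duplicate. A second function reads the value back so you can confirm the WAR you are about to rebuild in step 4 carries the directory you intended. The web.xml used in the demonstration is a constructed stand-in; the WAR extraction and jar steps are left to the procedure above.

```shell
#!/bin/sh
# Added example, not part of the Access Manager documentation: set the
# com.sun.identity.bootClassPath context parameter in an extracted
# WEB-INF/web.xml before rebuilding amserver.war.

# Usage: am_set_boot_classpath WEB-INF/web.xml /user_defined_directory
# Idempotent: if the parameter is already present the file is left unchanged.
am_set_boot_classpath() {
    webxml=$1
    bootdir=$2
    [ -f "$webxml" ] || { echo "no such file: $webxml" >&2; return 1; }
    if grep -q 'com.sun.identity.bootClassPath' "$webxml"; then
        echo "bootClassPath already set in $webxml; not modified" >&2
        return 0
    fi
    # Emit the <context-param> block just before the closing </web-app> tag;
    # every other line is copied through unchanged.
    awk -v dir="$bootdir" '
        /<\/web-app>/ {
            print "    <context-param>"
            print "        <param-name>com.sun.identity.bootClassPath</param-name>"
            print "        <param-value>" dir "</param-value>"
            print "    </context-param>"
        }
        { print }
    ' "$webxml" > "$webxml.tmp" && mv "$webxml.tmp" "$webxml"
}

# Print the configured bootClassPath value; fail if none is set.
am_get_boot_classpath() {
    webxml=$1
    awk '
        /<param-name>com.sun.identity.bootClassPath<\/param-name>/ { found = 1 }
        found && /<param-value>/ {
            sub(/.*<param-value>/, ""); sub(/<\/param-value>.*/, "")
            print; got = 1; exit
        }
        END { if (!got) exit 1 }
    ' "$webxml"
}

# Constructed demonstration: a minimal web.xml stands in for the one
# extracted from amserver.war in step 2.
demo=${TMPDIR:-/tmp}/am_webxml_demo.$$
mkdir -p "$demo/WEB-INF"
cat > "$demo/WEB-INF/web.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
    <display-name>amserver</display-name>
</web-app>
EOF
am_set_boot_classpath "$demo/WEB-INF/web.xml" /programs
am_set_boot_classpath "$demo/WEB-INF/web.xml" /programs   # second run: no change
echo "bootClassPath = $(am_get_boot_classpath "$demo/WEB-INF/web.xml")"
rm -rf "$demo"
```

With /programs as the value, the bootstrap file for the instance in the example above is written under /programs/AccessManager/ rather than the user's home directory, which is what step 5 relies on.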